---
title: 'SharePoint Online (v2)'
sidebarTitle: 'SharePoint Online (v2)'
description: 'Access the SharePoint Online (v2) API in 2 minutes 💨'
---

import APIGotchas from "/snippets/microsoft-shared/api-gotchas.mdx"
import UsefulLinks from "/snippets/microsoft-shared/useful-links.mdx"

<Tabs>
  <Tab title="🚀 Quickstart">
    

    <Steps>
      <Step title="Create an integration">
        In Nango ([free signup](https://app.nango.dev)), go to [Integrations](https://app.nango.dev/dev/integrations) -> _Configure New Integration_ -> _SharePoint Online (v2)_.
      </Step>
      <Step title="Authorize SharePoint Online (v2)">
        Go to [Connections](https://app.nango.dev/dev/connections) -> _Add Test Connection_ -> _Authorize_, then log in to SharePoint Online. Later, you'll let your users do the same directly from your app.
      </Step>
      <Step title="Call the SharePoint Online (v2) API">
        Let's make your first request to the SharePoint Online (Microsoft Graph) API (fetch a list of all available sites in an organization). Replace the placeholders below with your [secret key](https://app.nango.dev/dev/environment-settings), [integration ID](https://app.nango.dev/dev/integrations), and [connection ID](https://app.nango.dev/dev/connections):
        <Tabs>
            <Tab title="cURL">

                ```bash
                curl "https://api.nango.dev/proxy/v1.0/sites" \
                  -H "Authorization: Bearer <NANGO-SECRET-KEY>" \
                  -H "Provider-Config-Key: <INTEGRATION-ID>" \
                  -H "Connection-Id: <CONNECTION-ID>"
                ```

            </Tab>

            <Tab title="Node">

            Install Nango's backend SDK with `npm i @nangohq/node`. Then run:

            ```typescript
            import { Nango } from '@nangohq/node';

            const nango = new Nango({ secretKey: '<NANGO-SECRET-KEY>' });

            const res = await nango.get({
                endpoint: '/v1.0/sites',
                providerConfigKey: '<INTEGRATION-ID>',
                connectionId: '<CONNECTION-ID>'
            });

            console.log(res.data);
            ```
            </Tab>

        </Tabs>

        Or fetch credentials dynamically via the [Node SDK](/reference/sdks/node#get-a-connection-with-credentials) or [API](/reference/api/connection/get).

      </Step>
    </Steps>

    ✅ You're connected! Check the [Logs](https://app.nango.dev/dev/logs) tab in Nango to inspect requests.

    <Tip>
    Next step: [Embed the auth flow](/getting-started/quickstart/embed-in-your-app) in your app to let your users connect their SharePoint Online accounts.
    </Tip>
  </Tab>
  <Tab title="🧑‍💻 OAuth app setup">
    <Steps>
      <Step title="Create a Microsoft account and Azure account">
        If you don't already have them, sign up for a [Microsoft account](https://account.microsoft.com/account) and an [Azure account](https://azure.microsoft.com/free).
      </Step>
      <Step title="Register an application in Microsoft Entra ID">
        1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an Application Developer.
        2. If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application.
        3. From the search bar at the top of the Azure portal, search for **App registrations** and select it. Then choose **New registration**. Or from your left navigation tab, navigate to **Applications** > **App registrations** then choose **New registration**.
        4. Enter a meaningful name for your application, for example "Nango Integration".
        5. Under **Supported account types** you need to decide who can install your integration:
           - **Accounts in any organizational directory** - Any user account in a professional Microsoft organization (Business, School, etc.)
           - **Accounts in any organizational directory and personal Microsoft accounts** - The accounts from the first option, plus personal Microsoft accounts (pick this unless you want to restrict your integration to business accounts)
        6. Leave the **Redirect URI** section blank for now; we'll configure it in a later step.
        7. Click **Register** to complete the app registration.
      </Step>
      <Step title="Note your application (client) ID">
        After registration, you'll be taken to the application's Overview page. Record the **Application (client) ID**, which uniquely identifies your application and is used in your application's code as part of validating security tokens.
      </Step>
      <Step title="Add a redirect URI">
        1. In the left sidebar, select **Authentication**.
        2. Under **Platform configurations**, select **Add a platform**.
        3. Select **Web** as the platform type.
        4. Enter `https://api.nango.dev/oauth/callback` as the Redirect URI.
        5. Under **Advanced settings**, keep **Allow public client flows** set to the default **No** for web applications.
        6. Click **Configure** to save your changes.
      </Step>
      <Step title="Add API permissions">
        1. In the left sidebar, select **API permissions**.
        2. Click **Add a permission**.
        3. Select **Microsoft Graph** to integrate with **SharePoint Online (v2)**.
        4. Select the required permissions from the **Delegated permissions section**.
        5. Select the specific permissions your app requires, Please refer to the table below for some of the [commonly used scopes](#common-scopes).
        6. Click **Add permissions**.
        7. If your application requires admin consent, click **Grant admin consent for [tenant]** to pre-authorize the permissions.
      </Step>
      <Step title="Create a client secret">
        1. In the left sidebar, select **Certificates & secrets**.
        2. Under **Client secrets**, click **New client secret**.
        3. Enter a description for the secret and select an expiration period (6 months, 12 months, 24 months, or custom). Please select a date further in the future to avoid interruptions, note that the **Custom** date can only be set to a maximum of 1 year from the current date. If the secret expires, you will need to regenerate a new one and update your integration within Nango.
        4. Click **Add**.
        5. **Important**: Copy the secret value immediately and store it securely. You won't be able to see it again after you leave this page.
      </Step>
      <Step title="Configure token settings (optional)">
        1. In the left sidebar, select **Token configuration**. Here you can configure optional claims to be included in the access tokens issued for your application.
        2. Click **Add optional claim** and select the claims you want to include in your access tokens.
      </Step>
      <Step title="Configure app visibility (optional)">
        If you want users to see your app on their My Apps page:

        1. From the search bar at the top of the Azure portal, search for **Enterprise applications**, select it, and then choose your app.
        2. On the **Properties** page, set **Visible to users?** to **Yes**.
      </Step>
      <Step title="Next">
        Follow the [_Quickstart_](/getting-started/quickstart).
      </Step>
    </Steps>

    ## Common Scopes

    | Scope                               | Description                                                                 |
    | ----------------------------------- | --------------------------------------------------------------------------- |
    | `Sites.Read.All`                   | Read SharePoint sites and lists across the organization                     |
    | `Sites.ReadWrite.All`              | Read and write SharePoint sites and lists across the organization           |
    | `Sites.Manage.All`                 | Full control of all site collections without a signed-in user               |
    | `Sites.FullControl.All`            | Have full control of all site collections (includes manage, read/write)     |
    | `Files.Read`                       | Read user files and file properties                                         |
    | `Files.Read.All`                   | Read all files the user can access                                          |
    | `Files.ReadWrite`                  | Read and write user files                                                   |
    | `Files.ReadWrite.All`              | Read and write all files the user can access                                |
    | `offline_access`                   | Access to refresh tokens for offline access                                 |
    | `User.Read.All`                    | Read user profiles in the organization (useful if mapping users to files)   |

  </Tab>
  <Tab title="🔗 Useful links">
    <UsefulLinks />

    <Note>Contribute useful links by [editing this page](https://github.com/nangohq/nango/tree/master/docs/integrations/all/sharepoint-online.mdx)</Note>
  </Tab>
  <Tab title="🚨 API gotchas">


    -   Nango supports both SharePoint Online v1 and v2, providing flexibility for integrations depending on your requirements. SharePoint v1 refers to the older REST API, which uses legacy authentication methods like SharePoint Online (SPO) or older OAuth implementations. Its endpoints follow the pattern `https://<your-tenant>.sharepoint.com/_api/`, and it supports basic SharePoint operations. However, v1 lacks modern features such as delta queries for incremental sync and deep integration with Microsoft 365.
    -   Sharepoint Online v2, on the other hand, is a modernized version aligned with the Microsoft Graph API. It uses OAuth 2.0 with the Microsoft Identity Platform (formerly Azure AD) for secure and scalable authentication. Endpoints for v2 are primarily accessed through `https://graph.microsoft.com/v1.0/sites/...`, and it offers advanced capabilities like delta queries for incremental sync, enhanced performance, and seamless integration with Microsoft 365 services.
    -   You can find permissions required for each API call in their corresponding API methods section, i.e, to get metadata for a list from Sharepoint, you can have a look at [Get metadata for a list permissions](https://learn.microsoft.com/en-us/graph/api/list-get?view=graph-rest-1.0&tabs=http#permissions).

   <APIGotchas />
  #### SharePoint and Graph tokens
  Each connection now issues **two tokens:**
  1. **Main Token (Graph Token):**
    Used for standard Microsoft Graph API operations, such as making proxy calls to the Graph API at `https://graph.microsoft.com`.

  2. **SharePoint Token (`sharepointAccessToken`):**
    Available under `connection_config` and required when interacting with SharePoint-specific components, such as the latest **File Picker (v8.0)**.

  <Note> To obtain the `sharepointAccessToken`, your integration **must include and request the `Sites.Read.All` scope** during authorization. Without this scope, the SharePoint token will **not** be issued — only the Graph token will be available for your connection. </Note>
  - The `sharepointAccessToken` is only available for new connections. If it’s missing from your `connection_config`, please reauthorize your connection to obtain and include the token.

    <Note>Contribute API gotchas by [editing this page](https://github.com/nangohq/nango/tree/master/docs/integrations/all/sharepoint-online.mdx)</Note>
  </Tab>
</Tabs>

<Info>
    Questions? Join us in the [Slack community](https://nango.dev/slack).
</Info>